On 25 September 2014 23:02, zaki at manian.org <zaki at manian.org> wrote:
> The value proposition of CT remains ambiguous because the following
> questions remain unanswered.
> - What are the practical barriers to serving a falsified key to a user
> that does not appear in the globally available log?
I was under the impression that this was the CT log forking the log to
present valid looking data to Bob, while presenting the globally
available log to Alice and everyone else. Bob gets owned. The
technical work of forking the log is just some code and some
signatures.
> - What sort of evidence of malicious behavior by a key server would be
> perceived as credible?
If key server means 'CT-like log' in this context, I think this is
covered. See: http://tools.ietf.org/html/rfc6962#section-7.3 and
http://www.certificate-transparency.org/faq#TOC-Aren-t-you-just-creating-a-CA-of-CAs-
The way I think this will work in practice is:
- A log will go down for longer than the MMD. Technically, everyone
should drop the log, but people make mistakes so we won't blacklist it
- Some log will have a bug and present a fork for which we are able
to ascertain all the details of. There will be a period of a month or
two for everyone to get their shit migrated, then people will drop the
log. A new log will be started on the new, fixed, codebase, and in a
year it will be trusted again.
> - What incentives do auditors face? Would they face incentives to collude
> with the identity providers or robustly investigate report of MITM attacks?
>> The first two questions remain unanswered because CT proposals are still
> incomplete. The third question may be incomplete because answering it
> requires skills not present in our community. Analyzing incentives governing
> the behavior of rational actors is the specialty of economists.
You can talk of economics, but the fact is a number of people who
operate in the space of "Let's watch CAs, let's find proof of Google
being evil" are not 'rational actors' ;)
I'm assuming you mean auditor in the sense of a CT Auditor, and not
Earnst and Young. Auditors investigate misbehavior of logs - not MITM
attacks. (Obviously, misbehavior, of a log can lead to a MITM, but
they're distinct.)
There will be lots of auditors, just as there are lots of people
watching CAs for misbehavior today. The incentives are varied: some
people will do it because they hate Company X who runs a log, others
because they want to prove all of CT to be worthless, others because
it's their job as part of making the internet safe, others because
they like crypto.
The hard part of being an auditor isn't the technical aspect or
'finding the time', it's collecting data. It's like finding misissued
certificates - it's very difficult to find a google.com cert signed by
CNIC, it's very easy to 'investigate it' (run it through a couple
OpenSSL commands) and then put it up on the internet for everyone to
see. At that point it's out of the auditor's hands - the misbehaving
log will respond (or not) and the large providers of trust
infrastructure (browsers, OSes) will believe them (or not) and take
action (or not).
If it's not clear - I'm not arguing that CT is the way to go, I quite
like The Simple Thing as a practical way forward. I'm just providing
commentary.
-tom